RicoTubbs Posted August 4, 2010 ID:295571

Hello all, I am having a problem with my browser redirecting me to random sites. I have tried using CCleaner, ComboFix, MGtools and Malwarebytes. I cannot get Malwarebytes to update (MBAM_ERROR_UPDATING (12007,0, WinHTTPSendRequest)). Any help would be greatly appreciated. I am having this problem on 3 browsers (IE, Google Chrome and FireFox).

*************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:56 PM, on 8/4/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Suthar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Suthar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Suthar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Suthar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7678 bytes
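A way to do the first pass over a HijackThis log mechanically, as an added example (my own Python, not part of this thread and not code from Trend Micro or Malwarebytes). It embeds an excerpt of the log posted above and applies four simple heuristics: a non-empty IE ProxyServer value (a system proxy is one way to redirect every browser that honours it; the posted value ":0" is an empty host and port 0, so it is not flagged), O2 BHO entries whose DLL is missing ("(no file)"), O23 services with an unknown owner, and any autostart command that runs from a user-writable path such as AppData. The severity labels and regexes are my assumptions; matches are leads to verify, not verdicts. For context, the MBAM error code in the post, 12007, is WinHTTP's ERROR_WINHTTP_NAME_NOT_RESOLVED, i.e. a DNS lookup failure, which is why name resolution and proxy settings belong in the same triage as the browser add-ons.

```python
"""First-pass triage of a HijackThis log.

Added example, not part of the thread and not Trend Micro or Malwarebytes code.
The sample below is an excerpt of the log posted above; the rules and severity
labels are the author's own heuristics.
"""
import re
from dataclasses import dataclass

# Excerpt of the posted HijackThis log (real entries from the post above).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Google Update] "C:\Users\Suthar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
PROXY_RE = re.compile(r"ProxyServer = (?P<value>.*)$")
# Directories an unprivileged user can write to; autostarts there need a look.
USER_WRITABLE = re.compile(r"\\(Users|AppData|Temp|ProgramData)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low" (author's labels)
    kind: str       # HJT section tag such as "O2"
    reason: str
    line: str


def _location(kind, body):
    """Return the part of an entry that names what gets loaded or run."""
    if kind in ("O2", "O23"):
        # "BHO: name - {CLSID} - path"  /  "Service: name - owner - path"
        return body.rsplit(" - ", 1)[-1].strip()
    if kind == "O4":
        # "HKLM\..\Run: [name] command line"  -> the whole command line
        return body.split("] ", 1)[-1].strip()
    return ""


def triage(log_text):
    """Return a Finding for each entry that matches one of the heuristics."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "R1":
            pm = PROXY_RE.search(body)
            # ":0" is an empty host and port 0, i.e. no proxy configured.
            if pm and pm.group("value").strip() not in ("", ":0"):
                findings.append(Finding("high", kind,
                    f"system proxy set to {pm.group('value').strip()!r}", line))
        elif kind == "O2" and body.endswith("(no file)"):
            findings.append(Finding("low", kind,
                "BHO CLSID still registered but its DLL is gone", line))
        elif kind == "O23" and " - Unknown owner - " in body:
            findings.append(Finding("low", kind,
                "service has no recognised publisher", line))
        loc = _location(kind, body)
        if loc and USER_WRITABLE.search(loc):
            findings.append(Finding("medium", kind,
                "autostart from a user-writable path; verify the binary", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:<3} {f.reason}\n         {f.line}")
```

On the posted excerpt this flags three entries: the orphaned BHO CLSID, the Google Update autostart under the user's AppData (legitimate here, but exactly the kind of location malware favours, so it is reported as "verify"), and the Symantec service with no recognised owner. The proxy rule only fires on a value other than ":0", so a hijacked system proxy would surface as the single "high" finding.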
screen317 (Staff) Posted August 5, 2010 ID:295867

Hi and welcome to Malwarebytes.

Please know that running ComboFix is very dangerous unless under the eye of a trained analyst. With that said, please post the log from C:\ComboFix.txt.

Next, download DDS by sUBs and save it to your Desktop. Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post the one that is not minimized.
RicoTubbs (Author) Posted August 6, 2010 ID:296838

Thanks for your help.

ComboFix 10-08-02.01 - Suthar 08/04/2010 14:28:07.1.2 - x86
Microsoft
screen317 (Staff) Posted August 6, 2010 ID:296978

Hi,

Next, please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Click Start.
Make sure that the options Remove found threats and Scan unwanted applications are checked.
Click Scan.
Wait for the scan to finish.
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

Next, download my Security Check from here or here. Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317
RicoTubbs (Author) Posted August 9, 2010 ID:298498

Hey Chris, thanks for your help this far, but I am still having redirecting problems. The ESET Online Scanner found no threats. I don
RicoTubbs (Author) Posted August 9, 2010 ID:298508

I have updated Java and Adobe Reader.
screen317 (Staff) Posted August 10, 2010 ID:298625

Hi,

Please delete your copy of ComboFix, grab the latest version from here and save it to your Desktop. Ensure that all security programs are disabled, then run it and post its log. Also post a fresh DDS log.
RicoTubbs (Author) Posted August 10, 2010 ID:298988

ComboFix 10-08-09.03 - Suthar 08/10/2010 11:40:26.1.2 - x86
Microsoft
screen317 (Staff) Posted August 12, 2010 ID:299502

Hi,

Next, download MBRCheck.exe by a_d_13 and save it to your Desktop. Run it; when it completes, a log will be available on your Desktop (MBRCheck xxxxxx .txt), where xxxxxx is the time it ran.
RicoTubbs (Author) Posted August 12, 2010 ID:299572

MBRCheck, version 1.2.3
© 2010, AD
Command-line: 
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ASUSTek Computer INC.
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: HP-Pavilion
System Product Name: KJ302AA-ABA a6432f
Logical Drives Mask: 0x000002fc

Kernel Drivers (total 151):
0x81E47000 \SystemRoot\system32\ntkrnlpa.exe
0x81E14000 \SystemRoot\system32\hal.dll
0x80408000 \SystemRoot\system32\kdcom.dll
0x8040F000 \SystemRoot\system32\PSHED.dll
0x80420000 \SystemRoot\system32\BOOTVID.dll
0x80428000 \SystemRoot\system32\CLFS.SYS
0x80469000 \SystemRoot\system32\CI.dll
0x80549000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C5000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80604000 \SystemRoot\system32\drivers\acpi.sys
0x8064A000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80653000 \SystemRoot\system32\drivers\msisadrv.sys
0x8065B000 \SystemRoot\system32\drivers\pci.sys
0x80682000 \SystemRoot\System32\drivers\partmgr.sys
0x80691000 \SystemRoot\system32\drivers\volmgr.sys
0x806A0000 \SystemRoot\System32\drivers\volmgrx.sys
0x806EA000 \SystemRoot\system32\drivers\pciide.sys
0x806F1000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x806FF000 \SystemRoot\System32\drivers\mountmgr.sys
0x8070F000 \SystemRoot\system32\drivers\nvraid.sys
0x8072A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8074B000 \SystemRoot\system32\drivers\atapi.sys
0x80753000 \SystemRoot\system32\drivers\ataport.SYS
0x80771000 \SystemRoot\system32\drivers\nvstor32.sys
0x80795000 \SystemRoot\system32\drivers\storport.sys
0x89808000 \SystemRoot\system32\drivers\fltmgr.sys
0x8983A000 \SystemRoot\system32\drivers\fileinfo.sys
0x8984A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x898BB000 \SystemRoot\system32\drivers\ndis.sys
0x899C6000 \SystemRoot\system32\drivers\msrpc.sys
0x89A07000 \SystemRoot\system32\drivers\NETIO.SYS
0x89A42000 \SystemRoot\System32\drivers\tcpip.sys
0x89B2C000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x89C00000 \SystemRoot\System32\Drivers\Ntfs.sys
0x89D10000 \SystemRoot\system32\drivers\volsnap.sys
0x89D49000 \SystemRoot\System32\Drivers\spldr.sys
0x89D51000 \SystemRoot\System32\Drivers\mup.sys
0x89D60000 \SystemRoot\System32\drivers\ecache.sys
0x89D87000 \SystemRoot\system32\drivers\disk.sys
0x89D98000 \SystemRoot\system32\drivers\crcdisk.sys
0x89DDC000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x89DE7000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x89DF0000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x89B47000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x89B5A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x89B65000 \SystemRoot\system32\DRIVERS\PS2.sys
0x89B6A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x89B75000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x89B7F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x89BBD000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x89BCC000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x89BDC000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8D806000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
0x8D852000 \SystemRoot\system32\DRIVERS\ks.sys
0x8D87C000 \SystemRoot\system32\DRIVERS\HSX_DP.sys
0x8DA0F000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8DAC4000 \SystemRoot\system32\drivers\modem.sys
0x8DAD1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8DC00000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8DCFD000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8DD15000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8DE09000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8E528000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E5C9000 \SystemRoot\System32\drivers\watchdog.sys
0x8DD1B000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8E5D5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8E5E0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8DD4A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8DD55000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8DD78000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8DD87000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8DD9B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8DDB0000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8E5F7000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8DDC0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8DDCA000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8DB5E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8DDD7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8EC05000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8EE12000 \SystemRoot\system32\drivers\portcls.sys
0x8EE3F000 \SystemRoot\system32\drivers\drmk.sys
0x8EE64000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8EE6D000 \SystemRoot\System32\Drivers\Null.SYS
0x8EE74000 \SystemRoot\System32\Drivers\Beep.SYS
0x8EE7B000 \SystemRoot\System32\drivers\vga.sys
0x8EE87000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8EEA8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8EEB0000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8EEB8000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8EEC3000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8EED1000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8EEDA000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8EEF0000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0x8EF1C000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x8EF41000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0x8EF45000 \SystemRoot\System32\Drivers\SYMDNS.SYS
0x8EF47000 \SystemRoot\System32\Drivers\SYMNDISV.SYS
0x8EF54000 \SystemRoot\System32\Drivers\SYMFW.SYS
0x8EF6A000 \SystemRoot\system32\DRIVERS\smb.sys
0x8EF7E000 \SystemRoot\system32\drivers\afd.sys
0x8EFC6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8DDE8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8DE00000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x8DB93000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8DBA1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8DBB4000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0x8D97E000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0x8EFF8000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x8DBBE000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8DA00000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F402000 \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20100729.001\IDSvix86.sys
0x8F44A000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x8F4A8000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x8F4C5000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F4DC000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8F4F1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F4F3000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F500000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8F50A000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x970C0000 \SystemRoot\System32\win32k.sys
0x8F52E000 \SystemRoot\System32\drivers\Dxapi.sys
0x8F538000 \SystemRoot\system32\DRIVERS\monitor.sys
0x972E0000 \SystemRoot\System32\TSDDD.dll
0x97300000 \SystemRoot\System32\cdd.dll
0x8F547000 \SystemRoot\system32\drivers\luafv.sys
0x9C00A000 \SystemRoot\system32\drivers\spsys.sys
0x9C0BA000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9C0CA000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9C0DD000 \SystemRoot\system32\drivers\HTTP.sys
0x9C14A000 \??\C:\Windows\system32\drivers\CO_Mon.sys
0x9C152000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9C16F000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9C188000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9C19D000 \SystemRoot\system32\drivers\mrxdav.sys
0x9C1BE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8F562000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9C1DD000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8F59B000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA0607000 \SystemRoot\System32\DRIVERS\srv.sys
0xA066D000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA0671000 \SystemRoot\system32\drivers\peauth.sys
0xA074F000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA0759000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA0765000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA077A000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA078C000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA0794000 \SystemRoot\System32\Drivers\SRTSP.SYS
0xA6761000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA6600000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100811.040\NAVEX15.SYS
0xA674C000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100811.040\NAVENG.SYS
0x77630000 \Windows\System32\ntdll.dll

Processes (total 79):
0 System Idle Process
4 System
528 C:\Windows\System32\smss.exe
600 csrss.exe
652 C:\Windows\System32\wininit.exe
664 csrss.exe
696 C:\Windows\System32\services.exe
712 C:\Windows\System32\lsass.exe
728 C:\Windows\System32\lsm.exe
792 C:\Windows\System32\winlogon.exe
888 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\nvvsvc.exe
960 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\svchost.exe
1256 C:\Windows\System32\audiodg.exe
1276 C:\Windows\System32\svchost.exe
1308 C:\Windows\System32\SLsvc.exe
1352 C:\Windows\System32\svchost.exe
1460 C:\Windows\System32\rundll32.exe
1536 C:\Windows\System32\svchost.exe
1788 C:\Windows\System32\spoolsv.exe
1828 C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
1884 C:\Windows\System32\taskeng.exe
1912 C:\Windows\System32\dwm.exe
1976 C:\Windows\explorer.exe
1992 C:\Windows\System32\taskeng.exe
2168 C:\Windows\System32\svchost.exe
2516 C:\Windows\RtHDVCpl.exe
2536 C:\hp\support\hpsysdrv.exe
2644 C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
2684 C:\Windows\System32\rundll32.exe
2696 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2716 C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
2768 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2804 C:\Program Files\iTunes\iTunesHelper.exe
2816 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2828 C:\Program Files\Windows Sidebar\sidebar.exe
2852 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
2908 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
3200 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
3232 C:\Windows\System32\svchost.exe
3252 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
3284 C:\Windows\System32\svchost.exe
3320 C:\Windows\System32\svchost.exe
3340 C:\Windows\System32\svchost.exe
3444 C:\Windows\System32\svchost.exe
3488 C:\Windows\System32\svchost.exe
3572 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3680 C:\Windows\System32\SearchIndexer.exe
3740 WUDFHost.exe
3796 C:\Windows\System32\drivers\XAudio.exe
3824 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
4080 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
1108 C:\Windows\System32\mobsync.exe
1820 C:\Windows\System32\svchost.exe
2104 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
3848 C:\Program Files\Windows Sidebar\sidebar.exe
2156 C:\Windows\System32\wbem\unsecapp.exe
3964 WmiPrvSE.exe
688 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
3456 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
2528 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
1376 C:\Program Files\iPod\bin\iPodService.exe
4468 C:\hp\KBD\kbd.exe
4588 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
4980 C:\Windows\System32\wuauclt.exe
6120 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
4400 C:\Users\Suthar\AppData\Local\Google\Chrome\Application\chrome.exe
4680 C:\Users\Suthar\AppData\Local\Google\Chrome\Application\chrome.exe
5388 C:\Users\Suthar\AppData\Local\Google\Chrome\Application\chrome.exe
880 C:\Users\Suthar\AppData\Local\Google\Chrome\Application\chrome.exe
4296 C:\Windows\System32\SearchProtocolHost.exe
4160 C:\Users\Suthar\AppData\Local\Google\Chrome\Application\chrome.exe
6020 C:\Windows\System32\SearchFilterHost.exe
5272 dllhost.exe
4800 dllhost.exe
5836 C:\Users\Suthar\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000072`1af67c00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD501LJ, Rev: CR10

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0   Hewlett-Packard MBR code detected
            SHA1: F362CE084BC77B454330005C1657154A64FB9456

Done!
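What the "MBR Status" verdict above boils down to, as an added example in Python (my code, not MBRCheck's; MBRCheck's exact hashing window is not stated on the page, so hashing the first 440 bytes of boot code is my choice). It assembles a 512-byte MBR from constructed boot code and partition entries, validates the 0x55AA boot signature, decodes the partition table, converts each start LBA to the byte offset MBRCheck prints per volume, and compares the boot-code SHA-1 against a dictionary of known-good hashes, reporting unknown code the way a non-OEM or overwritten MBR would show up. The two partition start sectors are derived from the offsets in the log above (0x7e00 / 512 = 63 and 0x721af67c00 / 512 = 0x390D7B3E); the boot-code bytes, sector counts and disk signature are made up.

```python
"""Parse a 512-byte MBR and compare its boot code against known-good hashes.

Added example; not MBRCheck's code.  Constructed input: boot-code bytes,
sector counts and disk signature are made up, and the start sectors are
derived from the byte offsets MBRCheck printed in the log above.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes before the 4-byte NT disk signature at 0x1B8
DISK_SIG_OFF = 0x1B8
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE        # 0x55 0xAA boot signature
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, start LBA, sector count

# Constructed stand-in for OEM boot code (NOT real HP code).
SAMPLE_BOOT_CODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 32
# (type, start LBA, sector count).  Start LBAs come from the posted offsets:
#   0x7e00 / 512 = 63 (C:)   and   0x721af67c00 / 512 = 0x390D7B3E (D:)
# Sector counts are made up.
SAMPLE_PARTS = [(0x07, 63, 0x390D7B3E - 63), (0x07, 0x390D7B3E, 19_000_000)]


def build_mbr(boot_code, partitions, disk_sig=0x12345678):
    """Assemble an MBR; CHS fields are zeroed because only LBA is used here."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, disk_sig)
    for i, (ptype, start, count) in enumerate(partitions[:4]):
        status = 0x80 if i == 0 else 0x00          # first entry marked active
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", start, count)
    mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] = b"\x55\xAA"
    return bytes(mbr)


def parse_mbr(mbr):
    """Validate the boot signature and decode the partition table."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _chs0, ptype, _chs1, start, count = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:                              # empty slot
            continue
        partitions.append({
            "index": i, "bootable": status == 0x80, "type": ptype,
            "start_lba": start, "sectors": count,
            "byte_offset": start * SECTOR,          # what MBRCheck prints per volume
        })
    return {
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def mbr_status(mbr, known_good):
    """Return an MBRCheck-style verdict; known_good maps SHA-1 -> vendor name."""
    info = parse_mbr(mbr)
    name = known_good.get(info["boot_code_sha1"])
    if name:
        return f"{name} MBR code detected"
    return f"Unknown MBR code (SHA1: {info['boot_code_sha1']})"


if __name__ == "__main__":
    mbr = build_mbr(SAMPLE_BOOT_CODE, SAMPLE_PARTS)
    info = parse_mbr(mbr)
    for p in info["partitions"]:
        print(f"partition {p['index']}: LBA {p['start_lba']} -> offset 0x{p['byte_offset']:x}")
    # Register the constructed code as "known good", then corrupt one byte of it.
    baseline = {info["boot_code_sha1"]: "Constructed test"}
    print(mbr_status(mbr, baseline))
    tampered = mbr[:8] + b"\xEB" + mbr[9:]
    print(mbr_status(tampered, baseline))
```

On a live Windows box the same parser can be fed the first 512 bytes of \\.\PhysicalDrive0 opened read-only from an elevated process; the point of the hash comparison is that a single changed byte in the boot code, which is all a bootkit needs to divert the boot path, turns a vendor match into "Unknown MBR code" while the partition table still decodes normally.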
screen317 (Staff) Posted August 13, 2010 ID:300138

Hi,

Please run a GMER Rootkit scan:
Download GMER's application from here: http://www.gmer.net/gmer.zip
Unzip it and start GMER.exe.
Click the Rootkit tab and click the Scan button.
Once done, click the Copy button. This will copy the results to your clipboard.
Paste the results in your next reply.
Warning! Please do not select the "Show all" checkbox during the scan.

Next, download RootRepeal from one of the following locations and save it to your desktop: Link 1 Link 2 Link 3
Double click to start the program.
Click on the Report tab at the bottom of the program window.
Click the Scan button.
In the Select Scan dialog, check: Drivers, Files, Processes, SSDT, Stealth Objects, Hidden Services, Shadow SSDT.
Click the OK button.
In the next dialog, select all drives showing.
Click OK to start the scan.
Note: The scan can take some time. DO NOT run any other programs while the scan is running.
When the scan is complete, click the Save Report button and save the report to your Desktop as RootRepeal.txt.
Go to File, then Exit to close the program.
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
Click Add Reply.
Under the reply panel is the Attachments Panel.
Browse for the attachment file you want to upload, then click the green Upload button.
Once it has uploaded, click the Manage Current Attachments drop down box.
Click on it to insert the attachment into your post.

Next, please download Rootkit Unhooker and save it to your Desktop.
Disable your security programs.
Double click RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check Drivers, Stealth Code, Files, and Code Hooks.
Uncheck the rest, then click OK.
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
Wait till the scanner has finished, then go File --> Save Report.
Save the report somewhere you can find it. Click Close.
Copy the entire contents of the report and paste it in your next reply.
If you get the following warning, please ignore it:
"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"
RicoTubbs (Author) Posted August 14, 2010 ID:300192

Hello, during the GMER scan I get a BLUE screen and my computer restarts.
screen317 (Staff) Posted August 15, 2010 ID:300624

Hi,

Skip the GMER scan and proceed to the other scans.
screen317 (Staff) Posted August 29, 2010 ID:306390

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!